Abstract. Finite-state models of control systems were proposed by several researchers as a convenient mechanism to synthesize controllers enforcing complex specifications. Most techniques for the construction of such symbolic models have two main drawbacks: either they can only be applied to restrictive classes of systems, or they require the exact computation of reachable sets. In this paper, we propose a new abstraction technique that is applicable to any smooth control system as long as we are only interested in its behavior in a compact set. Moreover, the exact computation of reachable sets is not required. The effectiveness of the proposed results is illustrated by synthesizing a controller to steer a vehicle.

1. Introduction

In the past years several different abstraction techniques have been developed to assist in the synthesis of controllers enforcing complex specifications. This paper is concerned with symbolic abstractions resulting from replacing aggregates or collections of states of a control system by symbols. When a symbolic abstraction with a finite number of states or symbols is available, the synthesis of the controllers can be reduced to a fixed-point computation over the finite-state abstraction [Tab09]. Moreover, by leveraging computational tools developed for discrete-event systems [KG95, CL99] and games on automata [dAHM01, MNA03, AVW03], one can synthesize controllers satisfying specifications difficult to enforce with conventional control design methods. Examples of such specification classes include logic specifications expressed in linear temporal logic or automata on infinite strings.

The quest for symbolic abstractions has a long history including results on timed automata [AD90], rectangular hybrid automata [HKPV98], and o-minimal hybrid systems [LPS00, BM05]. Early results for classes of control systems were based on dynamical consistency properties [CW98], natural invariants of the control system [KASL00], l-complete approximations [MRO02], and quantized inputs and states [FJL02, BMP02]. Recent results include work on piecewise-affine and multi-affine systems [HCS06, BH06], set-oriented discretization approach for discrete-time nonlinear optimal control problem [Jun04], abstractions based on an elegant use of convexity of reachable sets for sufficiently small time [Rei09], and the use of incremental input-to-state stability [PGT08, PT09, PPDT10, GPT09].

Our results improve upon most of the existing techniques in two directions: i) by being applicable to larger classes of control systems; ii) by not requiring the exact computation of reachable sets which is a hard task in general. In the first direction, our technique improves upon the results in [BMP02, HCS06, BH06] by being applicable to systems not restricted to non-holonomic chained-form, piecewise-affine, and multi-affine systems, respectively, and upon the results in [PGT08, PT09, PPDT10, GPT09] by not requiring any stability assumption. In the second direction, our technique improves upon the results in [MRO02, FJL02] by not requiring the exact computation of reachable sets. The results in [Jun04] offer a discretization tailored to optimal control while our discretization is independent of the control objective. In [Rei09], a different abstraction technique is proposed that is also applicable to a wide class of control systems and does not require the exact computation of reachable sets. Such technique provides tight over-approximations of reachable sets based on convexity but requires small sampling times. Other efficient techniques are available in the literature for computing over-approximations of reachable sets. For example, [Jun00, DJ02, SP] provide tight over-approximations of reachable sets, not necessarily convex, at the cost of a higher computational complexity than [Rei09]. In contrast to [Rei09, SP], our technique imposes no restrictions on the choice of the sampling time but provides less tight over-approximations of the set of reachable states.

In this paper, we show that symbolic models exist if the control systems satisfy an incremental forward completeness assumption which is an incremental version of forward completeness. The main contribution of this paper is to establish that:

For every nonlinear control system satisfying the incremental forward completeness assumption, one can construct a symbolic model that is alternatingly approximately simulated [PT09] by the control system and that approximately simulates [GP07] the control system. Although these results are of theoretical nature, we also provide a simple way of constructing symbolic models which can be improved by using tighter over-approximations of reachable sets such as those described in [Rei09, Jun00, DJ02].

We illustrate the results presented in this paper through a simple example in which a vehicle is requested to 
reach a target set while avoiding a number of obstacles. 

2. Control Systems and Incremental Forward Completeness 

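2.1. Notation. The identity map on a set $A$ is denoted by $1_A$. If $A$ is a subset of $B$ we denote by $\imath_A : A \hookrightarrow B$ or simply by $\imath$ the natural inclusion map taking any $a \in A$ to $\imath(a) = a \in B$. The symbols $\mathbb{N}$, $\mathbb{Z}$, $\mathbb{R}$, $\mathbb{R}^+$ and $\mathbb{R}_0^+$ denote the set of natural, integer, real, positive, and nonnegative real numbers, respectively. Given a vector $x \in \mathbb{R}^n$, we denote by $x_i$ the $i$-th element of $x$, and by $\|x\|$ the infinity norm of $x$. Given a matrix $M \in \mathbb{R}^{n \times m}$, we denote by $\|M\|$ the infinity norm of $M$. The closed ball centered at $x \in \mathbb{R}^n$ with radius $\varepsilon$ is defined by $\mathcal{B}_\varepsilon(x) = \{y \in \mathbb{R}^n \mid \|x - y\| \le \varepsilon\}$. For any set $A \subseteq \mathbb{R}^n$ of the form $A = \bigcup_{j=1}^{M} A_j$ for some $M \in \mathbb{N}$, where $A_j = \prod_{i=1}^{n} [c_i^j, d_i^j] \subseteq \mathbb{R}^n$ with $c_i^j < d_i^j$, and positive constant $\eta \le \hat\eta$, where $\hat\eta = \min_{j=1,\dots,M} \eta_{A_j}$ and $\eta_{A_j} = \min\{|d_1^j - c_1^j|, \dots, |d_n^j - c_n^j|\}$, define $[A]_\eta = \{a \in A \mid a_i = k_i \eta,\ k_i \in \mathbb{Z},\ i = 1, \dots, n\}$. The set $[A]_\eta$ will be used as an approximation of the set $A$ with precision $\eta$. Note that $[A]_\eta \neq \emptyset$ for any $\eta \le \hat\eta$. Geometrically, for any $\eta \in \mathbb{R}^+$ and $\lambda \ge \eta$ the collection of sets $\{\mathcal{B}_\lambda(p)\}_{p \in [A]_\eta}$ is a covering of $A$, i.e. $A \subseteq \bigcup_{p \in [A]_\eta} \mathcal{B}_\lambda(p)$. By defining $[\mathbb{R}^n]_\eta = \{a \in \mathbb{R}^n \mid a_i = k_i \eta,\ k_i \in \mathbb{Z},\ i = 1, \dots, n\}$, the set $\bigcup_{p \in [\mathbb{R}^n]_\eta} \mathcal{B}_\lambda(p)$ is a covering of $\mathbb{R}^n$ for any $\eta \in \mathbb{R}^+$ and $\lambda \ge \eta/2$. Given a measurable function $f : \mathbb{R}_0^+ \to \mathbb{R}^n$, the (essential) supremum (sup norm) of $f$ is denoted by $\|f\|_\infty$; we recall that $\|f\|_\infty = (\mathrm{ess})\sup\{\|f(t)\|,\ t \ge 0\}$. A continuous function $\gamma : \mathbb{R}_0^+ \to \mathbb{R}_0^+$ is said to belong to class $\mathcal{K}$ if it is strictly increasing and $\gamma(0) = 0$; function $\gamma$ is said to belong to class $\mathcal{K}_\infty$ if $\gamma \in \mathcal{K}$ and $\gamma(r) \to \infty$ as $r \to \infty$.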

2.2. Control Systems. The class of control systems that we consider in this paper is formalized in the 
following definition. 

Definition 2.1. A control system $\Sigma$ is a quadruple $\Sigma = (\mathbb{R}^n, \mathsf{U}, \mathcal{U}, f)$, where:

• $\mathbb{R}^n$ is the state space;

• $\mathsf{U} \subseteq \mathbb{R}^m$ is the input set;

• $\mathcal{U}$ is a subset of all piecewise continuous functions of time from intervals of the form $]a, b[ \subseteq \mathbb{R}$ to $\mathsf{U}$ with $a < 0$ and $b > 0$;

• $f : \mathbb{R}^n \times \mathsf{U} \to \mathbb{R}^n$ is a continuous map satisfying the following Lipschitz assumption: for every compact set $Q \subset \mathbb{R}^n$, there exists a constant $L \in \mathbb{R}^+$ such that for all $x, y \in Q$ and all $u \in \mathsf{U}$, we have $\|f(x,u) - f(y,u)\| \le L\|x - y\|$.

A curve $\xi : ]a, b[ \to \mathbb{R}^n$ is said to be a trajectory of $\Sigma$ if there exists $v \in \mathcal{U}$ satisfying $\dot\xi(t) = f(\xi(t), v(t))$, for almost all $t \in ]a, b[$. We also write $\xi_{xv}(\tau)$ to denote the point reached at time $\tau$ under the input $v$ from initial condition $x = \xi_{xv}(0)$; this point is uniquely determined, since the assumptions on $f$ ensure existence and uniqueness of trajectories [Son98]. Although we have defined trajectories over open domains, we shall refer to trajectories $\xi_{xv} : [0,\tau] \to \mathbb{R}^n$ and input curves $v : [0,\tau[ \to \mathsf{U}$, with the understanding of the existence of a trajectory $\xi'_{xv'} : ]a, b[ \to \mathbb{R}^n$ and input curve $v' : ]a, b[ \to \mathsf{U}$ such that $\xi_{xv} = \xi'_{xv'}|_{[0,\tau]}$ and $v = v'|_{[0,\tau[}$. Note that by continuity of $\xi$, $\xi_{xv}(\tau)$ is uniquely defined as the left limit of $\xi_{xv}(t)$ with $t \to \tau$.

A control system $\Sigma$ is said to be forward complete if every trajectory is defined on an interval of the form $]a, \infty[$. Sufficient and necessary conditions for a system to be forward complete can be found in [AS99].



2.3. Incremental forward completeness. The results presented in this paper require a certain property 
that we introduce in this section. 

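Definition 2.2. A control system $\Sigma$ is incrementally forward complete (δ-FC) if it is forward complete and there exist continuous functions $\beta : \mathbb{R}_0^+ \times \mathbb{R}_0^+ \to \mathbb{R}_0^+$ and $\gamma : \mathbb{R}_0^+ \times \mathbb{R}_0^+ \to \mathbb{R}_0^+$ such that for every $s \in \mathbb{R}^+$, the functions $\beta(\cdot, s)$ and $\gamma(\cdot, s)$ belong to class $\mathcal{K}_\infty$, and for any $x, x' \in \mathbb{R}^n$, any $\tau \in \mathbb{R}^+$, and any $v, v' \in \mathcal{U}$, where $v, v' : [0, \tau[ \to \mathsf{U}$, the following condition is satisfied for all $t \in [0, \tau]$:

(2.1) $\|\xi_{xv}(t) - \xi_{x'v'}(t)\| \le \beta(\|x - x'\|, t) + \gamma(\|v - v'\|_\infty, t)$.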



Incremental forward completeness requires the distance between two arbitrary trajectories to be bounded by the sum of two terms capturing the mismatch between the initial conditions and the mismatch between the inputs as shown in (2.1).



Remark 2.3. We note that δ-FC implies uniform continuity of the map $\phi_t : \mathbb{R}^n \times \mathcal{U} \to \mathbb{R}^n$ defined by $\phi_t(x, v) = \xi_{xv}(t)$ for any fixed $t \in$ . Here, uniform continuity is understood with respect to the topology induced by the infinity norm on $\mathbb{R}^n$, the sup norm on $\mathcal{U}$, and the product topology on $\mathbb{R}^n \times \mathcal{U}$.



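Note that a linear control system:

$\dot\xi = A\xi + Bv$, $\xi(t) \in \mathbb{R}^n$, $v(t) \in \mathsf{U} \subseteq \mathbb{R}^m$,

is δ-FC and the functions $\beta$ and $\gamma$ can be chosen as:

(2.2) $\beta(r, t) = \|e^{At}\|\, r$; $\gamma(r, t) = \left(\int_0^t \|e^{As}B\|\, ds\right) r$,

where $\|e^{At}\|$ denotes the infinity norm of $e^{At}$.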

The notion of δ-FC can be described in terms of Lyapunov-like functions. We start by introducing the following definition which was inspired by the notion of incremental input-to-state stability (δ-ISS) Lyapunov function presented in [Ang02].

Definition 2.4. Consider a control system $\Sigma$ and a smooth function $V : \mathbb{R}^n \times \mathbb{R}^n \to \mathbb{R}_0^+$. Function $V$ is called a δ-FC Lyapunov function for $\Sigma$, if there exist $\mathcal{K}_\infty$ functions $\underline{\alpha}$, $\overline{\alpha}$, $\sigma$, and $\kappa \in \mathbb{R}$ such that:

(i) for any $x, x' \in \mathbb{R}^n$, $\underline{\alpha}(\|x - x'\|) \le V(x, x') \le \overline{\alpha}(\|x - x'\|)$;

(ii) for any $x, x' \in \mathbb{R}^n$ and for any $u, u' \in \mathsf{U}$, $\frac{\partial V}{\partial x} f(x, u) + \frac{\partial V}{\partial x'} f(x', u') \le \kappa V(x, x') + \sigma(\|u - u'\|)$.

The following theorem describes δ-FC in terms of the existence of a δ-FC Lyapunov function.

Theorem 2.5. A control system $\Sigma = (\mathbb{R}^n, \mathsf{U}, \mathcal{U}, f)$ is δ-FC if it admits a δ-FC Lyapunov function. Moreover, the functions $\beta$ and $\gamma$ in (2.1) are given by:

(2.3) /3(r, t) = (2e'=*a(r)) , 7(r, t) = f 2— — a{r) \ . 

The proof of the preceding result is reported in [ZPMT10] and was inspired by the work in [AS99].






MAJID ZAMANI, GIORDANO POLA, MANUEL MAZO JR., AND PAULO TABUADA 



3. Symbolic Models and Approximate Equivalence Notions 

3.1. Systems and control systems. We use systems to describe both control systems as well as their 
symbolic models. A more detailed exposition of the notion of system that we now introduce can be found 
in [Tab09].

Definition 3.1. [Tab09] A system $S$ is a quintuple $S = (X, U, \longrightarrow, Y, H)$ consisting of:

• A set of states $X$;

• A set of inputs $U$;

• A transition relation $\longrightarrow \subseteq X \times U \times X$;

• An output set $Y$;

• An output function $H : X \to Y$.

System $S$ is said to be:

• metric, if the output set $Y$ is equipped with a metric $d : Y \times Y \to \mathbb{R}_0^+$;

• countable, if $X$ is a countable set;

• finite, if $X$ is a finite set.

A transition $(x, u, x') \in \longrightarrow$ is denoted by $x \xrightarrow{u} x'$. For a transition $x \xrightarrow{u} x'$, state $x'$ is called a $u$-successor, or simply successor, of state $x$. We denote by $\mathrm{Post}_u(x)$ the set of $u$-successors of a state $x$ and by $U(x)$ the set of inputs $u \in U$ for which $\mathrm{Post}_u(x)$ is nonempty. We shall abuse the notation and denote by $\mathrm{Post}_u(Z)$ the set $\mathrm{Post}_u(Z) = \bigcup_{x \in Z} \mathrm{Post}_u(x)$. A system is deterministic if for any state $x \in X$ and any input $u$, there exists at most one $u$-successor (there may be none). A system is called nondeterministic if it is not deterministic. Hence, for a nondeterministic system it is possible for a state to have two (or possibly more) distinct $u$-successors.

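Definition 3.2. [Tab09] For a system $S = (X, U, \longrightarrow, Y, H)$ and given any state $x_0 \in X$, a finite state run generated from $x_0$ is a finite sequence of transitions:

$x_0 \xrightarrow{u_0} x_1 \xrightarrow{u_1} x_2 \xrightarrow{u_2} \cdots \xrightarrow{u_{n-2}} x_{n-1} \xrightarrow{u_{n-1}} x_n$,

such that $x_i \xrightarrow{u_i} x_{i+1}$ for all $0 \le i < n$. In some cases, a finite state run can be extended to an infinite state run.

An infinite state run generated from $x_0$ is an infinite sequence:

$x_0 \xrightarrow{u_0} x_1 \xrightarrow{u_1} x_2 \xrightarrow{u_2} x_3 \xrightarrow{u_3} \cdots$

such that $x_i \xrightarrow{u_i} x_{i+1}$ for all $i \in \mathbb{N}_0$.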

3.2. System relations. We start by recalling approximate simulation relations, introduced in [GP07], that are useful when analyzing or synthesizing controllers for deterministic systems.

Definition 3.3. Let $S_a = (X_a, U_a, \xrightarrow[a]{}, Y_a, H_a)$ and $S_b = (X_b, U_b, \xrightarrow[b]{}, Y_b, H_b)$ be metric systems with the same output sets $Y_a = Y_b$ and metric $d$, and consider a precision $\varepsilon \in \mathbb{R}^+$. A relation $R \subseteq X_a \times X_b$ is said to be an $\varepsilon$-approximate simulation relation from $S_a$ to $S_b$, if the following three conditions are satisfied:

(i) for every $x_a \in X_a$, there exists $x_b \in X_b$ with $(x_a, x_b) \in R$;

(ii) for every $(x_a, x_b) \in R$ we have $d(H_a(x_a), H_b(x_b)) \le \varepsilon$;

(iii) for every $(x_a, x_b) \in R$ we have that $x_a \xrightarrow[a]{u_a} x'_a$ in $S_a$ implies the existence of $x_b \xrightarrow[b]{u_b} x'_b$ in $S_b$ satisfying $(x'_a, x'_b) \in R$.

System $S_a$ is $\varepsilon$-approximately simulated by $S_b$ or $S_b$ $\varepsilon$-approximately simulates $S_a$, denoted by $S_a \preceq_{\mathcal{S}}^{\varepsilon} S_b$, if there exists an $\varepsilon$-approximate simulation relation from $S_a$ to $S_b$.
For nondeterministic systems we need to consider relationships that explicitly capture the adversarial nature of nondeterminism. The notion of alternating approximate simulation relation is shown in [PT09] to be appropriate to this regard.

Definition 3.4. Let $S_a$ and $S_b$ be metric systems with the same output sets $Y_a = Y_b$ and metric $d$, and consider a precision $\varepsilon \in \mathbb{R}^+$. A relation $R \subseteq X_a \times X_b$ is said to be an $\varepsilon$-approximate alternating simulation relation from $S_a$ to $S_b$ if conditions (i), (ii) in Definition 3.3 and the following condition are satisfied:

(iii) for every $(x_a, x_b) \in R$ and for every $u_a \in U_a(x_a)$ there exists $u_b \in U_b(x_b)$ such that for every $x'_b \in \mathrm{Post}_{u_b}(x_b)$ there exists $x'_a \in \mathrm{Post}_{u_a}(x_a)$ satisfying $(x'_a, x'_b) \in R$.

System $S_a$ is alternatingly $\varepsilon$-approximately simulated by $S_b$ or $S_b$ alternatingly $\varepsilon$-approximately simulates $S_a$, denoted by $S_a \preceq_{\mathcal{AS}}^{\varepsilon} S_b$, if there exists an alternating $\varepsilon$-approximate simulation relation from $S_a$ to $S_b$.

It is readily seen from the above definitions that the notions of approximate simulation and of alternating 
approximate simulation coincide when the systems involved are deterministic. 

The importance of the preceding notions lies in enabling the transfer of controllers designed for a symbolic 
model to controllers acting on the original control system. More details about these notions and how the 
refinement of controllers can be performed are reported in [Tab09].
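Definitions 3.3 and 3.4 can be checked mechanically when both systems are finite. The following is an added example, not code from the paper: the tuple encoding of a system, the function names, and the three-state systems and relation are all constructed for illustration. It shows a relation that is an alternating approximate simulation but not an ordinary one, and an abstraction that fails the check because it lost a transition.

```python
# Added illustration: a system is a tuple (X, U, trans, H); trans maps
# (state, input) -> set of successors, H maps state -> output (a number).

def post(trans, x, u):
    """Post_u(x): the u-successors of x (empty if u is not enabled)."""
    return trans.get((x, u), set())

def enabled(S, x):
    """U(x): inputs with at least one successor at x."""
    _, U, trans, _ = S
    return [u for u in U if post(trans, x, u)]

def conds_i_ii(Sa, Sb, R, eps, d):
    """Conditions (i) and (ii), shared by Definitions 3.3 and 3.4."""
    total = all(any((xa, xb) in R for xb in Sb[0]) for xa in Sa[0])
    close = all(d(Sa[3][xa], Sb[3][xb]) <= eps for xa, xb in R)
    return total and close

def is_approx_sim(Sa, Sb, R, eps, d):
    """Definition 3.3: every move of Sa is matched by some move of Sb."""
    if not conds_i_ii(Sa, Sb, R, eps, d):
        return False
    for xa, xb in R:
        for ua in enabled(Sa, xa):
            for xa2 in post(Sa[2], xa, ua):
                if not any((xa2, xb2) in R
                           for ub in enabled(Sb, xb)
                           for xb2 in post(Sb[2], xb, ub)):
                    return False
    return True

def is_alt_approx_sim(Sa, Sb, R, eps, d):
    """Definition 3.4: for each ua there is a ub such that EVERY ub-successor
    of xb is matched by SOME ua-successor of xa."""
    if not conds_i_ii(Sa, Sb, R, eps, d):
        return False
    for xa, xb in R:
        for ua in enabled(Sa, xa):
            if not any(all(any((xa2, xb2) in R for xa2 in post(Sa[2], xa, ua))
                           for xb2 in post(Sb[2], xb, ub))
                       for ub in enabled(Sb, xb)):
                return False
    return True

def dist(y1, y2):
    return abs(y1 - y2)

# Constructed sample systems (not from the paper).
H_CONC = {"b0": 0.0, "b1": 1.0, "b2": 2.0}
S_CONC = (set(H_CONC), {"u"},
          {("b0", "u"): {"b1"}, ("b1", "u"): {"b2"}, ("b2", "u"): {"b2"}}, H_CONC)
H_ABS = {"a0": 0.1, "a1": 0.9, "a2": 2.1}
S_ABS = (set(H_ABS), {"u"},
         {("a0", "u"): {"a1", "a2"}, ("a1", "u"): {"a2"}, ("a2", "u"): {"a2"}}, H_ABS)
# Abstraction that lost the a0 -> a1 transition: it no longer covers b0 -> b1.
S_BROKEN = (set(H_ABS), {"u"},
            {("a0", "u"): {"a2"}, ("a1", "u"): {"a2"}, ("a2", "u"): {"a2"}}, H_ABS)
R = {("a0", "b0"), ("a1", "b1"), ("a2", "b2")}
R_INV = {(xb, xa) for xa, xb in R}
```

The extra transition a0 → a2 in the abstraction breaks ordinary simulation from the abstraction to the concrete system but not alternating simulation, which is why the alternating notion is the one used for controller refinement on nondeterministic abstractions.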



4. Symbolic Models for δ-FC Control Systems



This section contains the main contribution of the paper. We show that the time discretization of a δ-FC control system, suitably restricted to a compact set, admits a finite abstraction.

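The results in this section rely on additional assumptions on $\mathsf{U}$ and $\mathcal{U}$ that we now describe. Such assumptions are not required for the definitions and results in Sections 2 and 3. We restrict attention to control systems $\Sigma = (\mathbb{R}^n, \mathsf{U}, \mathcal{U}, f)$ with input sets $\mathsf{U}$ of the form $\mathsf{U} = \bigcup_{j=1}^{J} \mathsf{U}_j$ for some $J \in \mathbb{N}$, where $\mathsf{U}_j = \prod_{i=1}^{m} [a_i^j, b_i^j] \subseteq \mathbb{R}^m$ with $a_i^j < b_i^j$. For such input sets we define the constant $\hat\mu = \min_{j=1,\dots,J} \mu_{\mathsf{U}_j}$, where $\mu_{\mathsf{U}_j} = \min\{|b_1^j - a_1^j|, \dots, |b_m^j - a_m^j|\}$. We further restrict attention to sampled-data control systems, where input curves belong to $\mathcal{U}_\tau$ containing only constant curves of duration $\tau \in \mathbb{R}^+$, i.e.

$\mathcal{U}_\tau = \{v : [0, \tau[ \to \mathsf{U} \mid v(t) = v(0),\ t \in [0, \tau[\}$.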

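Given a sampling time $\tau \in \mathbb{R}^+$ and a control system $\Sigma = (\mathbb{R}^n, \mathsf{U}, \mathcal{U}_\tau, f)$, consider the system $S_\tau(\Sigma) = (X_\tau, U_\tau, \xrightarrow[\tau]{}, Y_\tau, H_\tau)$ consisting of:

• $X_\tau = \mathbb{R}^n$;

• $x_\tau \xrightarrow[\tau]{v_\tau} x'_\tau$ if there exists a trajectory $\xi_{x_\tau v_\tau} : [0, \tau] \to \mathbb{R}^n$ of $\Sigma$ satisfying $\xi_{x_\tau v_\tau}(\tau) = x'_\tau$;

• $Y_\tau = \mathbb{R}^n$;

• $H_\tau = 1_{\mathbb{R}^n}$.

The above system can be thought of as the time discretization of the control system $\Sigma$. Indeed, a finite state run

$x_0 \xrightarrow[\tau]{v_1} x_1 \xrightarrow[\tau]{v_2} \cdots \xrightarrow[\tau]{v_N} x_N$

of $S_\tau(\Sigma)$ captures the state evolution of the control system $\Sigma$ at times $t = 0, \tau, \dots, N\tau$. The state run starts from the initial condition $x_0$, with control input $v$, obtained by the concatenation of control inputs $v_i$ (i.e. $v(t) = v_i(0)$ for any $t \in [(i-1)\tau, i\tau[$), for $i = 1, \dots, N$.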

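We consider a δ-FC control system $\Sigma = (\mathbb{R}^n, \mathsf{U}, \mathcal{U}_\tau, f)$, and a quadruple $\mathsf{q} = (\tau, \eta, \mu, \theta)$ of quantization parameters, where $\tau \in \mathbb{R}^+$ is the sampling time, $\eta \in \mathbb{R}^+$ is the state space quantization, $\mu \in \mathbb{R}^+$ is the input set quantization, and $\theta \in \mathbb{R}^+$ is a design parameter. Define the system:

(4.1) $S_{\mathsf{q}}(\Sigma) = (X_{\mathsf{q}}, U_{\mathsf{q}}, \xrightarrow[\mathsf{q}]{}, Y_{\mathsf{q}}, H_{\mathsf{q}})$,

consisting of:

• $U_{\mathsf{q}} = [\mathsf{U}]_\mu$;

• $x_{\mathsf{q}} \xrightarrow[\mathsf{q}]{u_{\mathsf{q}}} x'_{\mathsf{q}}$ if $\|\xi_{x_{\mathsf{q}} u_{\mathsf{q}}}(\tau) - x'_{\mathsf{q}}\| \le \beta(\theta, \tau) + \gamma(\mu, \tau) + \eta$;

• $Y_{\mathsf{q}} = \mathbb{R}^n$;

• $H_{\mathsf{q}} = \imath : X_{\mathsf{q}} \hookrightarrow Y_{\mathsf{q}}$,

where $\beta$ and $\gamma$ are the functions appearing in (2.1). In the definition of the transition relation, and in the remainder of the paper, we abuse notation by identifying $u_{\mathsf{q}}$ with the constant input curve with domain $[0, \tau[$ and value $u_{\mathsf{q}}$.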

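The transition relation of $S_{\mathsf{q}}(\Sigma)$ is well defined in the sense that for every $x_{\mathsf{q}} \in X_{\mathsf{q}}$ and every $u_{\mathsf{q}} \in U_{\mathsf{q}}$ there always exists $x'_{\mathsf{q}} \in X_{\mathsf{q}}$ such that $x_{\mathsf{q}} \xrightarrow[\mathsf{q}]{u_{\mathsf{q}}} x'_{\mathsf{q}}$. This can be seen by noting that by definition of $X_{\mathsf{q}}$, for any $x \in \mathbb{R}^n$ there always exists a state $x'_{\mathsf{q}} \in X_{\mathsf{q}}$ such that $\|x - x'_{\mathsf{q}}\| \le \eta$. Hence, for $x = \xi_{x_{\mathsf{q}} u_{\mathsf{q}}}(\tau)$ there always exists a state $x'_{\mathsf{q}} \in X_{\mathsf{q}}$ satisfying $\|\xi_{x_{\mathsf{q}} u_{\mathsf{q}}}(\tau) - x'_{\mathsf{q}}\| \le \eta \le \beta(\theta, \tau) + \gamma(\mu, \tau) + \eta$.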

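We can now state the main result of the paper which relates δ-FC to existence of symbolic models.

Theorem 4.1. Let $\Sigma = (\mathbb{R}^n, \mathsf{U}, \mathcal{U}_\tau, f)$ be a δ-FC control system. For any desired precision $\varepsilon \in \mathbb{R}^+$ and any quadruple $\mathsf{q} = (\tau, \eta, \mu, \theta)$ of quantization parameters satisfying $\mu \le \hat\mu$ and $\eta \le \varepsilon \le \theta$, we have:

(4.2) $S_{\mathsf{q}}(\Sigma) \preceq_{\mathcal{AS}}^{\varepsilon} S_\tau(\Sigma) \preceq_{\mathcal{S}}^{\varepsilon} S_{\mathsf{q}}(\Sigma)$.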



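Proof. We start by proving $S_\tau(\Sigma) \preceq_{\mathcal{S}}^{\varepsilon} S_{\mathsf{q}}(\Sigma)$. Consider the relation $R \subseteq X_\tau \times X_{\mathsf{q}}$ defined by $(x_\tau, x_{\mathsf{q}}) \in R$ if and only if $\|H_\tau(x_\tau) - H_{\mathsf{q}}(x_{\mathsf{q}})\| = \|x_\tau - x_{\mathsf{q}}\| \le \varepsilon$. Since $X_\tau \subseteq \bigcup_{p \in [\mathbb{R}^n]_\eta} \mathcal{B}_\eta(p)$, for every $x_\tau \in X_\tau$ there exists $x_{\mathsf{q}} \in X_{\mathsf{q}}$ such that:

(4.3) $\|x_\tau - x_{\mathsf{q}}\| \le \eta \le \varepsilon$.

Hence, $(x_\tau, x_{\mathsf{q}}) \in R$ and condition (i) in Definition 3.3 is satisfied. Now consider any $(x_\tau, x_{\mathsf{q}}) \in R$. Condition (ii) in Definition 3.3 is satisfied by the definition of $R$. Let us now show that condition (iii) in Definition 3.3 holds.

Consider any $v_\tau \in U_\tau$. Choose an input $u_{\mathsf{q}} \in U_{\mathsf{q}}$ satisfying:

(4.4) $\|v_\tau - u_{\mathsf{q}}\|_\infty = \|v_\tau(0) - u_{\mathsf{q}}(0)\| \le \mu$.

Note that the existence of such $u_{\mathsf{q}}$ is guaranteed by the special shape of $\mathsf{U}$, described in the beginning of this section, and by the inequality $\mu \le \hat\mu$ which guarantees that $\mathsf{U} \subseteq \bigcup_{p \in [\mathsf{U}]_\mu} \mathcal{B}_\mu(p)$. Consider the unique transition $x_\tau \xrightarrow[\tau]{v_\tau} x'_\tau = \xi_{x_\tau v_\tau}(\tau)$ in $S_\tau(\Sigma)$. It follows from the δ-FC assumption that the distance between $x'_\tau$ and $\xi_{x_{\mathsf{q}} u_{\mathsf{q}}}(\tau)$ is bounded as:

(4.5) $\|x'_\tau - \xi_{x_{\mathsf{q}} u_{\mathsf{q}}}(\tau)\| \le \beta(\varepsilon, \tau) + \gamma(\mu, \tau)$.

Since $X_\tau \subseteq \bigcup_{p \in [\mathbb{R}^n]_\eta} \mathcal{B}_\eta(p)$, there exists $x'_{\mathsf{q}} \in X_{\mathsf{q}}$ such that:

(4.6) $\|x'_\tau - x'_{\mathsf{q}}\| \le \eta$.

Using the inequalities $\varepsilon \le \theta$, (4.5), and (4.6), we obtain:

$\|\xi_{x_{\mathsf{q}} u_{\mathsf{q}}}(\tau) - x'_{\mathsf{q}}\| \le \|\xi_{x_{\mathsf{q}} u_{\mathsf{q}}}(\tau) - x'_\tau\| + \|x'_\tau - x'_{\mathsf{q}}\| \le \beta(\varepsilon, \tau) + \gamma(\mu, \tau) + \eta \le \beta(\theta, \tau) + \gamma(\mu, \tau) + \eta$,

which, by the definition of $S_{\mathsf{q}}(\Sigma)$, implies the existence of $x_{\mathsf{q}} \xrightarrow[\mathsf{q}]{u_{\mathsf{q}}} x'_{\mathsf{q}}$ in $S_{\mathsf{q}}(\Sigma)$. Therefore, from inequality (4.6) and since $\eta \le \varepsilon$, we conclude $(x'_\tau, x'_{\mathsf{q}}) \in R$ and condition (iii) in Definition 3.3 holds.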

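Now we prove $S_{\mathsf{q}}(\Sigma) \preceq_{\mathcal{AS}}^{\varepsilon} S_\tau(\Sigma)$. Consider the relation $R \subseteq X_\tau \times X_{\mathsf{q}}$, defined in the first part of the proof. For every $x_{\mathsf{q}} \in X_{\mathsf{q}}$, by choosing $x_\tau = x_{\mathsf{q}}$, we have $(x_\tau, x_{\mathsf{q}}) \in R$ and condition (i) in Definition 3.4 is satisfied. Now consider any $(x_\tau, x_{\mathsf{q}}) \in R$. Condition (ii) in Definition 3.4 is satisfied by the definition of $R$. Let us now show that condition (iii) in Definition 3.4 holds. Consider any $u_{\mathsf{q}} \in U_{\mathsf{q}}$. Choose the input $v_\tau = u_{\mathsf{q}}$ and consider the unique $x'_\tau = \xi_{x_\tau v_\tau}(\tau) \in \mathrm{Post}_{v_\tau}(x_\tau)$ in $S_\tau(\Sigma)$. From the δ-FC assumption, the distance between $x'_\tau$ and $\xi_{x_{\mathsf{q}} u_{\mathsf{q}}}(\tau)$ is bounded as:

(4.7) $\|x'_\tau - \xi_{x_{\mathsf{q}} u_{\mathsf{q}}}(\tau)\| \le \beta(\varepsilon, \tau)$.

Since $X_\tau \subseteq \bigcup_{p \in [\mathbb{R}^n]_\eta} \mathcal{B}_\eta(p)$, there exists $x'_{\mathsf{q}} \in X_{\mathsf{q}}$ such that:

(4.8) $\|x'_\tau - x'_{\mathsf{q}}\| \le \eta$.

Using the inequalities $\varepsilon \le \theta$, (4.7), and (4.8), we obtain:

$\|\xi_{x_{\mathsf{q}} u_{\mathsf{q}}}(\tau) - x'_{\mathsf{q}}\| \le \|\xi_{x_{\mathsf{q}} u_{\mathsf{q}}}(\tau) - x'_\tau\| + \|x'_\tau - x'_{\mathsf{q}}\| \le \beta(\varepsilon, \tau) + \eta \le \beta(\theta, \tau) + \gamma(\mu, \tau) + \eta$,

which, by definition of $S_{\mathsf{q}}(\Sigma)$, implies the existence of $x_{\mathsf{q}} \xrightarrow[\mathsf{q}]{u_{\mathsf{q}}} x'_{\mathsf{q}}$ in $S_{\mathsf{q}}(\Sigma)$. Therefore, from inequality (4.8) and since $\eta \le \varepsilon$, we can conclude that $(x'_\tau, x'_{\mathsf{q}}) \in R$ and condition (iii) in Definition 3.3 holds.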



Remark 4.2. Whenever $\mathcal{U}_\tau$ only contains a finite number of curves, the function $\gamma$ is not required to construct $S_{\mathsf{q}}(\Sigma)$. This can be seen by noting that we can use all the elements in $\mathcal{U}_\tau$ when constructing $S_{\mathsf{q}}(\Sigma)$ thus eliminating the approximation error on input curves, represented by the term $\gamma(\mu, \tau)$ in the definition of



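Remark 4.3. The transition relation defined in (4.1) can also be written as:

(4.9) $x_{\mathsf{q}} \xrightarrow[\mathsf{q}]{u_{\mathsf{q}}} x'_{\mathsf{q}}$ if $\mathcal{B}_\eta(x'_{\mathsf{q}}) \cap \mathcal{B}_{\beta(\theta, \tau) + \gamma(\mu, \tau)}(\xi_{x_{\mathsf{q}} u_{\mathsf{q}}}(\tau)) \neq \emptyset$.

This shows that we place a transition from $x_{\mathsf{q}}$ to any point $x'_{\mathsf{q}}$ for which the ball $\mathcal{B}_\eta(x'_{\mathsf{q}})$ intersects the over-approximation of $\mathrm{Post}_{u_{\mathsf{q}}}(\mathcal{B}_\varepsilon(x_{\mathsf{q}}))$ in $S_\tau(\Sigma)$ given by $\mathcal{B}_{\beta(\varepsilon, \tau) + \gamma(\mu, \tau)}(\xi_{x_{\mathsf{q}} u_{\mathsf{q}}}(\tau))$. It is not difficult to see that the conclusion of Theorem 4.1 remains valid if we use any other over-approximation of the set $\mathrm{Post}_{u_{\mathsf{q}}}(\mathcal{B}_\varepsilon(x_{\mathsf{q}}))$ in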

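The symbolic model $S_{\mathsf{q}}(\Sigma)$ has a countably infinite set of states. In order to construct a finite symbolic model we note that in practical applications the physical variables are restricted to a compact set. Velocities, temperatures, pressures, and other physical quantities cannot become arbitrarily large without violating the operational envelope defined by the control problem being solved. By making use of this fact, we can directly compute a finite abstraction $S_{\mathsf{q}D}(\Sigma)$ of $S_\tau(\Sigma)$ capturing the behavior of $S_\tau(\Sigma)$ within a given set $D$ of the form $D = \bigcup_{j=1}^{M} D_j$ for some $M \in \mathbb{N}$, where $D_j = \prod_{i=1}^{n} [c_i^j, d_i^j] \subseteq \mathbb{R}^n$ with $c_i^j < d_i^j$, describing the valid range for the physical variables. By having the extra condition $\eta \le \hat\eta$, where $\hat\eta = \min_{j=1,\dots,M} \eta_{D_j}$, where $\eta_{D_j} = \min\{|d_1^j - c_1^j|, \dots, |d_n^j - c_n^j|\}$, we define the system $S_{\mathsf{q}D}(\Sigma) = (X_{\mathsf{q}D}, U_{\mathsf{q}D}, \xrightarrow[\mathsf{q}D]{}, Y_{\mathsf{q}D}, H_{\mathsf{q}D})$, where $U_{\mathsf{q}D} = U_{\mathsf{q}}$, $Y_{\mathsf{q}D} = Y_{\mathsf{q}}$, and $H_{\mathsf{q}D} = H_{\mathsf{q}}$ and

• $X_{\mathsf{q}D} = [D]_\eta$;

• $x_{\mathsf{q}D} \xrightarrow[\mathsf{q}D]{u_{\mathsf{q}D}} x'_{\mathsf{q}D}$ if $\|\xi_{x_{\mathsf{q}D} u_{\mathsf{q}D}}(\tau) - x'_{\mathsf{q}D}\| \le \beta(\theta, \tau) + \gamma(\mu, \tau) + \eta$ and any $x'_{\mathsf{q}} \in \mathrm{Post}_{u_{\mathsf{q}D}}(x_{\mathsf{q}D})$ in $S_{\mathsf{q}}(\Sigma)$ belongs to $X_{\mathsf{q}D}$;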

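Note that $S_{\mathsf{q}D}(\Sigma)$ is a finite system because $D$ is a compact set. Moreover, the relation $R \subseteq X_{\mathsf{q}D} \times X_{\mathsf{q}}$ defined by $(x_{\mathsf{q}D}, x_{\mathsf{q}}) \in R$ if $x_{\mathsf{q}D} = x_{\mathsf{q}}$ is a 0-approximate alternating simulation relation from $S_{\mathsf{q}D}(\Sigma)$ to $S_{\mathsf{q}}(\Sigma)$. By combining $S_{\mathsf{q}D}(\Sigma) \preceq_{\mathcal{AS}}^{0} S_{\mathsf{q}}(\Sigma)$ with $S_{\mathsf{q}}(\Sigma) \preceq_{\mathcal{AS}}^{\varepsilon} S_\tau(\Sigma)$ we conclude¹ $S_{\mathsf{q}D}(\Sigma) \preceq_{\mathcal{AS}}^{\varepsilon} S_\tau(\Sigma)$. Hence, any controller synthesized for the finite model $S_{\mathsf{q}D}(\Sigma)$ can be refined to a controller enforcing the same specification on $S_\tau(\Sigma)$. Detailed information on how to construct refinements can be found in [Tab09].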



5. Example 



We illustrate the results of the paper on a vehicle. We borrowed this example from [AM08]. In this model,
the motion of the front and rear pairs of wheels are approximated by a single front wheel and a single rear 
wheel. We consider the following model for the vehicle: 

{. cos(Q+e) 
^ — ■^O cos(q) ' 

where $\alpha = \arctan\left(\frac{a \tan(\delta)}{b}\right)$. The position of the vehicle is given by the pair $(x, y)$, and the orientation of the vehicle is given by $\theta$. The pair $(v_0, \delta)$ are the control inputs, expressing the velocity of the rear wheel and the steering angle, respectively. It is readily seen that $\Sigma$ is not incrementally input-to-state stable [Ang02]. Hence, the results in [PGT08, PT09] cannot be applied to this system. We assume that $a = 0.5$, $b = 1$, $(v_0, \delta) \in \mathsf{U} = [-1, 1] \times [-1, 1]$ and that the control inputs are piecewise constant. Since control inputs are piecewise constant of duration $\tau$, it can be readily checked that for any $t \in [0, \tau]$, we get:

$x(t) = \frac{b}{\cos(\alpha)\tan(\delta)} \left[\sin\left(\alpha + \frac{v_0}{b}\tan(\delta)\, t + \theta(0)\right) - \sin(\alpha + \theta(0))\right] + x(0)$,

$y(t) = -\frac{b}{\cos(\alpha)\tan(\delta)} \left[\cos\left(\alpha + \frac{v_0}{b}\tan(\delta)\, t + \theta(0)\right) - \cos(\alpha + \theta(0))\right] + y(0)$,

$\theta(t) = \frac{v_0}{b}\tan(\delta)\, t + \theta(0)$,

if $\tan(\delta) \neq 0$, and

$x(t) = v_0 \cos(\theta(0))\, t + x(0)$, $y(t) = v_0 \sin(\theta(0))\, t + y(0)$, $\theta(t) = \theta(0)$,

if $\tan(\delta) = 0$. It can be verified that for the given $\mathsf{U}$, the function $\beta$ is given by $\beta(r, t) = (1 + 1.267t)r$. Here we are assuming that $\mathcal{U}_\tau$ is finite and contains curves taking values in $[\mathsf{U}]_{0.3}$. Hence, as explained in Remark 4.2, the function $\gamma$ is not required to construct the abstraction.



We work on the subset $D = [0, 10] \times [0, 10] \times [-\pi, \pi]$ of the state space of $\Sigma$. Our objective is to design a controller navigating the vehicle to reach the target set $W = [9, 9.5] \times [0, 0.5]$, indicated with a red box in Figure 1, while avoiding the obstacles, indicated as blue boxes in Figure 1, and remain indefinitely inside $W$.

For a precision $\varepsilon = 0.2$, we construct a symbolic model $S_{\mathsf{q}D}(\Sigma)$ by choosing $\theta = 0.2$, $\eta = 0.2$, and $\tau = 0.3$ so that assumptions of Theorem 4.1 are satisfied. The computation of the abstraction $S_{\mathsf{q}D}(\Sigma)$ was performed using the tool² Pessoa [PES09]. A controller enforcing the specification has been found by using standard algorithms from game theory, see e.g. [Tab09].

In Figure 1 we show the closed-loop trajectory stemming from the initial condition (0.4, 0.4, 0). It is readily seen that the specifications are satisfied. In Figure 2 we show the evolution of input signals.
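The transition relation of $S_{\mathsf{q}D}(\Sigma)$ for this vehicle can be computed directly from the values given in this section ($a = 0.5$, $b = 1$, $\tau = 0.3$, $\eta = \theta = \varepsilon = 0.2$, inputs in $[\mathsf{U}]_{0.3}$, $\beta(r,t) = (1 + 1.267t)r$). The following is an added example, not the paper's or Pessoa's code: it assumes the state set of $S_{\mathsf{q}}(\Sigma)$ is the $\eta$-grid, uses the closed-form flow for constant inputs, and the function names and integer-index encoding of grid states are choices made here.

```python
import itertools, math, random

# Values stated on the page; A_LEN, B_LEN are the model constants a and b.
A_LEN, B_LEN = 0.5, 1.0
TAU, ETA, THETA, EPS = 0.3, 0.2, 0.2, 0.2
D_BOX = [(0.0, 10.0), (0.0, 10.0), (-math.pi, math.pi)]
# [U]_0.3: multiples of 0.3 inside U = [-1, 1] x [-1, 1].
U_Q = [(i * 0.3, j * 0.3) for i in range(-3, 4) for j in range(-3, 4)]

def beta(r, t):
    """beta(r, t) = (1 + 1.267 t) r, as given for this vehicle."""
    return (1.0 + 1.267 * t) * r

def flow(state, u, t=TAU):
    """xi_{x u}(t) for a constant input u = (v0, delta): closed-form solution."""
    x, y, th = state
    v0, delta = u
    td = math.tan(delta)
    if abs(td) < 1e-12:                       # straight-line case tan(delta) = 0
        return (x + v0 * math.cos(th) * t, y + v0 * math.sin(th) * t, th)
    alpha = math.atan(A_LEN * td / B_LEN)
    c = B_LEN / (math.cos(alpha) * td)
    th1 = th + v0 / B_LEN * td * t
    return (x + c * (math.sin(alpha + th1) - math.sin(alpha + th)),
            y - c * (math.cos(alpha + th1) - math.cos(alpha + th)),
            th1)

def point(k):
    """Grid state with integer index k, i.e. the point k * eta (assumed X_q)."""
    return tuple(ki * ETA for ki in k)

def post_q(k, u):
    """Successors of grid state k in S_q: grid points within
    beta(theta, tau) + eta (infinity norm) of xi(tau); gamma is dropped
    because the input set is finite (Remark 4.2)."""
    rad = beta(THETA, TAU) + ETA
    axes = [range(math.ceil((c - rad) / ETA - 1e-9),
                  math.floor((c + rad) / ETA + 1e-9) + 1)
            for c in flow(point(k), u)]
    return set(itertools.product(*axes))

def in_D(k):
    return all(lo <= c <= hi for c, (lo, hi) in zip(point(k), D_BOX))

def post_qD(k, u):
    """S_qD keeps a transition only if every S_q successor lies in [D]_eta."""
    succ = post_q(k, u)
    return succ if all(in_D(s) for s in succ) else set()

def simulation_holds_on_samples(n=2000, seed=1):
    """Sampled check of condition (iii) in the first half of the proof:
    for ||x - x_q|| <= eps, the grid point nearest to the concrete successor
    must be a successor of x_q in S_q."""
    rng = random.Random(seed)
    for _ in range(n):
        k = (rng.randint(5, 45), rng.randint(5, 45), rng.randint(-15, 15))
        u = rng.choice(U_Q)
        x = tuple(c + rng.uniform(-EPS, EPS) for c in point(k))
        k_next = tuple(round(c / ETA) for c in flow(x, u))
        if k_next not in post_q(k, u):
            return False
    return True
```

With these parameters a single interior state and input already has 125 successors, which illustrates the abstraction-size limitation raised in the Discussion; states next to the boundary of $D$ lose the inputs whose over-approximated successors leave $D$.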



6. Discussion 



In this paper we showed that any smooth control system, suitably restricted to a compact subset of states, admits a finite symbolic model. The proposed symbolic model can be used to synthesize controllers enforcing complex specifications given in several different formalisms such as temporal logics or automata on infinite strings. The synthesis of such controllers is well understood and can be performed using simple fixed-point computations as described in [Tab09]. The current limitation of this design methodology is the size of the computed abstractions. The authors are currently investigating several different techniques to address this limitation such as integrating the design of controllers with the construction of symbolic models [PBD]. Efforts by other researchers include the use of non-uniform quantization [TI09].

Figure 1. Evolution of the vehicle with initial condition (0.4, 0.4, 0).

Figure 2. Evolution of the input signals.

¹ It is shown in [Tab09] that the composition of two alternating simulation relations is still an alternating simulation relation.
² Pessoa can be freely downloaded from http://www.cyphylab.ee.ucla.edu/pessoa.